https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163936#M29288 <P>Thanks for your reply is there any way we can show that logs was encrypted during forwarding logs management server, &nbsp;because auditor ask they same questions to us and if is it mentioned in any document please share if you have any docs or articles related to this topic.</P> Fri, 02 Dec 2022 09:23:15 GMT usmanshah526 2022-12-02T09:23:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163290#M29136 <P>Hello All,</P><P>I have one query about logs if any one know the answer please reply the same.</P><P>query is between management servers and gateways logs sending in which format like plain text and encrypted form?</P><P>and if it’s sending logs in plain format is it possible to man in the middle attacker to read the logs while sending to management server?</P><P>&nbsp;</P> Sun, 27 Nov 2022 18:35:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163290#M29136 usmanshah526 2022-11-27T18:35:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163339#M29150 <P>Logs are sent through a protected channel with certificate-based authentication. I would be very surprised if you manage to do MitM attach on that.</P> Mon, 28 Nov 2022 11:51:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163339#M29150 _Val_ 2022-11-28T11:51:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163936#M29288 <P>Thanks for your reply is there any way we can show that logs was encrypted during forwarding logs management server, &nbsp;because auditor ask they same questions to us and if is it mentioned in any document please share if you have any docs or articles related to this topic.</P> Fri, 02 Dec 2022 09:23:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163936#M29288 usmanshah526 2022-12-02T09:23:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163937#M29289 <P>Its pretty simple - Capture the packet in your switch for port TCP/257 or even on mgmt server for port TCP/257. Try to read the logs. Since mgmt server is CA and then distributes certificates to difference component like firewalls and event viewer if deployed separately. The entire communication is encrypted using certificates</P> Fri, 02 Dec 2022 09:38:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163937#M29289 Blason_R 2022-12-02T09:38:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163944#M29290 <P>I dont believe there is specific document saying so, but its been that way with CP since the beginning.&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/1551">@Blason_R</a>&nbsp; and&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/181">@_Val_</a>&nbsp;are 100% correct!</P> Fri, 02 Dec 2022 11:12:24 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163944#M29290 the_rock 2022-12-02T11:12:24Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163946#M29292 <P>Also, to add to this, any communication between mgmt and gateway would be encrypted. Think of basic scenario...lets say SIC breaks on the firewall and you have to reset it. Key you put on for sic reset, does not matter, can be 12345678, its a one time password thats encrypted and its gone, thats it.&nbsp;</P> <P>But, if you really need document stating than, I will let someone else provide it, as I had never seen one stating so.</P> Fri, 02 Dec 2022 11:44:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163946#M29292 the_rock 2022-12-02T11:44:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163952#M29296 <P>Please refer to the section on SIC in the Security Management Admin Guide for your version, aswell as describing the encryption used by SIC it states this "trust" is required to send logs from Gateway to Management etc.</P> Fri, 02 Dec 2022 11:58:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163952#M29296 Chris_Atkinson 2022-12-02T11:58:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163953#M29297 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/85369">@usmanshah526</a>&nbsp; you can find these information in the documentation&nbsp;<A title="SIC" href="https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SecurityManagement_AdminGuide/Topics-SECMG/Secure-Internal-Communication.htm?Highlight=SIC" target="_blank" rel="noopener">Secure Internal Communication (SIC)</A>&nbsp;</P> <P>encryption type, which communication is encrypted etc.</P> Fri, 02 Dec 2022 12:06:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Are-logs-in-encrypted-form-while-sending-to-management-server/m-p/163953#M29297 Wolfgang 2022-12-02T12:06:08Z